cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1320
Views
0
Helpful
6
Replies
Richard Dumag
Beginner

ISE TACACS command authorization question

Hello,,

I would like to allow entry level admins to be able to configure all switch access interfaces/ports.  What is the command?  I've tried different commands but to no avail.  Below are what I have tried so far but do not work.  Any assistance is appreciated.  Thanks.

 

permit      configure      interface all

permit      configure      interface GigabitEthernet all

permit      configure      interface .*

permit      configure      interface GigabitEthernet .*

 

Richard

 

2 ACCEPTED SOLUTIONS

Accepted Solutions
Seb Rupik
VIP Advisor

Hi there,

The columns are grant, command, argument. So you will want something like:

 

permit    configure    terminal
permit    interface    GigabitEthernet.*

cheers,

Seb.

View solution in original post

Hi Richard,

It should be:

Permit      shutdown
Permit      no                  shutdown

 Leave out the .*

 

cheers,

Seb.

View solution in original post

6 REPLIES 6
Seb Rupik
VIP Advisor

Hi there,

The columns are grant, command, argument. So you will want something like:

 

permit    configure    terminal
permit    interface    GigabitEthernet.*

cheers,

Seb.

View solution in original post

Hi Seb, 

Thank you for responding and explaining. I will give it a try and let you know. 

 

Richard

 

Hi Seb,

That worked.  Thank you again.

Richard 

Hi Seb,

I have another question.  How can I grant shutdown and no shutdown commands.

I've tried different ways but could not get it to work.  For example

 

permit    shutdown      .*

permit    no shutdown  .*

permit    interface  GigabitEthernet.* shutdown

permit   interface    GigabitEthernet.*  no shutdown

 

Appreciate your help.  Thanks.

 

Richard

 

 

 

Hi Richard,

It should be:

Permit      shutdown
Permit      no                  shutdown

 Leave out the .*

 

cheers,

Seb.

View solution in original post

Hi Seb,

Thank you for the quick reply.  I think I'm understanding the process now.  

 

Richard

 

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (39%)

Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel